Out-of-Band Authentication (OOBA)

The essential idea behind out-of-band authentication is that by using two different channels, authentication systems can guard against fraudulent users that may only have access to one of these channels.

One of the most common examples of out-of-band authentication is in banking transactions. Typically, a customer wishing to do an online bank transaction will be sent an SMS message by cell phone with a password. This way, any hackers or identity thieves that have access through key loggers or other equipment will not be able to access that particular password, because it is sent over a 3G or 4G wireless network instead of being sent over the Internet. This type of authentication can be extremely effective as long as fraudulent operators haven’t somehow gained access to the user’s cell phone system as well. Sophisticated hacking that is able to access the SMS message and password is often called a man-in-the-middle attack. In general, a man-in-the-middle attack involves creating a dummy network that will trick the victim into thinking that it is a legitimate network. If the actor can intercept the user’s cell phone communications, it may be possible to overcome out-of-band authentication security protocols.